Monash University

FIT3056 Secure and trusted software systems - Semester 2, 2012

Students are introduced to some of the most common security issues involved in the development of software, including secure coding practices, secure database access, secure data communications, security of web applications, use of encryption techniques and security testing. Students are provided with a range of practical exercises to reinforce their skills, including authenticating and authorising users programmatically, user input validation, developing secure web, mobile/wireless and database applications, encrypting and hashing data programmatically, generating digital signatures programmatically, security testing, designing logging and auditing mechanisms.

Mode of Delivery

Caulfield (Day)

Contact Hours

2 hrs lectures/wk, 2 hrs laboratories/wk

Workload

Workload commitments per week are:

Two-hour lecture, two-hour tutorial (or laboratory) requiring preparation in advance, and a minimum of two hours of personal study per one hour of contact time in order to satisfy the reading and assignment expectations.

Unit Relationships

Prerequisites

FIT1002 and one of FIT1019 or FIT2078

Chief Examiner

Campus Lecturer

Caulfield

Phu Dung Le

Tutors

Caulfield

Phu Dung Le

Consultation hours: Tuesday 2pm - 4pm

Academic Overview

Outcomes

At the completion of this unit students will have -
A knowledge and understanding of:
  • some of the main security concepts and issues involved in the development of software, including: Software security versus other aspects of computer security; goals of secure and trusted software; vulnerabilities versus threats; best software development principles and practices; buffer overflows; security of programming platforms; authentication and authorisation; principle of least privilege; security features are not equal to secure features; secure use of encryption; user input validation; reliable software components; data privacy; auditing and logging; security testing;
  • the importance of developing secure software in today's electronic world.
Developed the skills to:
  • design applications with security in mind;
  • validate user input;
  • implement secure authentication mechanisms;
  • authorise users' access to various protected resources;
  • encrypt files and hash passwords;
  • store session data securely in web applications;
  • perform secure database access;
  • set up secure transfer of data;
  • create security logs;
  • test software for security vulnerabilities.

Graduate Attributes

Monash prepares its graduates to be:
  1. responsible and effective global citizens who:
    1. engage in an internationalised world
    2. exhibit cross-cultural competence
    3. demonstrate ethical values
  2. critical and creative scholars who:
    1. produce innovative solutions to problems
    2. apply research skills to a range of challenges
    3. communicate perceptively and effectively

Assessment Summary

Examination (3 hours): 60%; In-semester assessment: 40%

Assessment Task | Value | Due Date
Assignment 1 - Identify software design and implementation vulnerabilities, and propose solutions | 20% | Week 8, Friday 4pm
Assignment 2 - Design and implementation of secure and trusted applications using cryptography either in wired or wireless environments | 20% | Week 12, Friday 4pm
Examination 1 | 60% | To be advised

Teaching Approach

Lecture and tutorials or problem classes
This teaching and learning approach provides facilitated learning, practical exploration and peer learning.

Feedback

Our feedback to You

Types of feedback you can expect to receive in this unit are:
  • Informal feedback on progress in labs/tutes

Your feedback to Us

Monash is committed to excellence in education and regularly seeks feedback from students, employers and staff. One of the key formal ways students have to provide feedback is through SETU, Student Evaluation of Teacher and Unit. The University's student evaluation policy requires that every unit is evaluated each year. Students are strongly encouraged to complete the surveys. The feedback is anonymous and provides the Faculty with evidence of aspects that students are satisfied with and areas for improvement.

For more information on Monash's educational strategy, and on student evaluations, see:
http://www.monash.edu.au/about/monash-directions/directions.html
http://www.policy.monash.edu/policy-bank/academic/education/quality/student-evaluation-policy.html

Previous Student Evaluations of this unit

Previous feedback from students has shown the importance of this unit as part of the undergraduate degree. Students who did this unit had an advantage in job interviews and when working in software development.

If you wish to view how previous students rated this unit, please go to
https://emuapps.monash.edu.au/unitevaluations/index.jsp

Unit Schedule

Week | Activities | Assessment
0 | | No formal assessment or activities are undertaken in week 0
1 | Introduction to software design and implementation |
2 | Computer software security problems and solutions |
3 | Computer software security problems and solutions (continued) |
4 | Principles of secure software design and implementation |
5 | Concurrent programming and software security |
6 | Concurrent programming and software security (continued) |
7 | Building secure networked and distributed applications |
8 | Building secure networked and distributed applications (continued) | Assignment 1 due Week 8, Friday 4pm
9 | Building trusted software systems |
10 | Secure software testing and verification |
11 | Secure software testing and verification (continued) |
12 | Research in software security and trusted systems | Assignment 2 due Week 12, Friday 4pm
| SWOT VAC | No formal assessment is undertaken in SWOT VAC
| Examination period | LINK to Assessment Policy: http://policy.monash.edu.au/policy-bank/academic/education/assessment/assessment-in-coursework-policy.html

*Unit Schedule details will be maintained and communicated to you via your MUSO (Blackboard or Moodle) learning system.

Assessment Requirements

Assessment Policy

Faculty Policy - Unit Assessment Hurdles (http://www.infotech.monash.edu.au/resources/staff/edgov/policies/assessment-examinations/unit-assessment-hurdles.html)

Academic Integrity - Please see the Demystifying Citing and Referencing tutorial at http://lib.monash.edu/tutorials/citing/

Assessment Tasks

Participation

  • Assessment task 1
    Title:
    Assignment 1 - Identify software design and implementation vulnerabilities, and propose solutions
    Description:
    This assignment does not require you to write your own code. You will research and study other people's programs, identify possible vulnerabilities and propose solutions to secure those programs either in wired or wireless environments.

    If you analyse the vulnerabilities of the programs correctly in your report and understand the problems well, this will give you 30% of the total marks. Your demonstration will give you another 40% and your proposed security solutions another 30%. 

    More details will be provided on the Assignment specification.
    Weighting:
    20%
    Criteria for assessment:

    Assessment will depend mainly on how well you can demonstrate a clear understanding of your work, theoretically and practically.

    Due date:
    Week 8, Friday 4pm
  • Assessment task 2
    Title:
    Assignment 2 - Design and implementation of secure and trusted applications using cryptography either in wired or wireless environments
    Description:
    You will need to complete a programming task with well explained documentation, write a report to explain why your code is secure and meets the requirements of secure and trusted software, demonstrate your program to the tutor, and answer the tutor's questions at an interview. 

    Your report will give you 30% of the total marks. If your code works and meets the assignment requirements of secure and trusted software, this will give another 50% of the total marks. Your demonstration and answers to interview questions will give you another 20%.

    More details will be provided on the Assignment specification.
    Weighting:
    20%
    Criteria for assessment:

    Assessment will depend mainly on how well you can demonstrate a clear understanding of your work, theoretically and practically.

    Due date:
    Week 12, Friday 4pm

Examinations

  • Examination 1
    Weighting:
    60%
    Length:
    3 hours
    Type (open/closed book):
    Closed book
    Electronic devices allowed in the exam:
    None

Assignment submission

It is a University requirement (http://www.policy.monash.edu/policy-bank/academic/education/conduct/plagiarism-procedures.html) for students to submit an assignment coversheet for each assessment item. Faculty Assignment coversheets can be found at http://www.infotech.monash.edu.au/resources/student/forms/. Please check with your Lecturer on the submission method for your assignment coversheet (e.g. attach a file to the online assignment submission, hand-in a hard copy, or use an online quiz).

Online submission

If Electronic Submission has been approved for your unit, please submit your work via the VLE site for this unit, which you can access via links in the my.monash portal.

Extensions and penalties

Returning assignments

Other Information

Policies

Student services

The University provides many different kinds of support services for you. Contact your tutor if you need advice and see the range of services available at www.monash.edu.au/students. For Sunway see http://www.monash.edu.my/Student-services, and for South Africa see http://www.monash.ac.za/current/

The Monash University Library provides a range of services and resources that enable you to save time and be more effective in your learning and research. Go to http://www.lib.monash.edu.au or the library tab in my.monash portal for more information. At Sunway, visit the Library and Learning Commons at http://www.lib.monash.edu.my/. At South Africa visit http://www.lib.monash.ac.za/.

Academic support services may be available for students who have a disability or medical condition. Registration with the Disability Liaison Unit is required. Further information is available as follows:

  • Website: http://monash.edu/equity-diversity/disability/index.html;
  • Email: dlu@monash.edu
  • Drop In: Equity and Diversity Centre, Level 1 Gallery Building (Building 55), Monash University, Clayton Campus, or Student Community Services Department, Level 2, Building 2, Monash University, Sunway Campus
  • Telephone: 03 9905 5704, or contact the Student Advisor, Student Community Services at 03 55146018 at Sunway